NAME

pyca - CA written in python

DESCRIPTION

The scripts in this suite are basically wrappers around openssl(1).
Additionally the scripts integrates the generic CA-functionality with
the mail-system and apache for handling certificate requests; with LDAP
for handling distributing certificates and revocation lists; and cron
for maintenance tasks.

PROGRAMMES

pickle-cnf.py
Create a pickled copy the OpenSSL configuration object for
faster reading of the configuration. The pickle-file name is the
name of the OpenSSL configuration file plus .pickle.
ca-make.py
Generate a CA hierarchy, all necessary files and directories and
all initial CRLs (see also signedby extension in OpenSSL
configuration file). This is intended to be run under user root
since it sets the ownership and permissions.
ca-certreq-mail.py
Handles the mail dialogue after certificate request. The SPKAC
certificate request and LDIF data is moved from the directory
pend_reqs_dir to new_reqs_dir. Set this script in your
/etc/aliases, procmailrc or similar to receive mails for the
address specified in caCertReqMailAdr.
ca-cycle-pub.py
This script is typically run by the CA admin user via CRON or a
similar task manager on a networked system holding the public
certificate data. It does several jobs:
* Publish new certificates and inform user via e-mail where to
download his certificate
* Remove stale certificate requests from pend_reqs_dir.
* Spool certificate requests and certificate revocation
requests to the system holding the CA’s private keys. (not
implemented yet)
* Spool certificates and certificate revocation lists from the
system holding the CA’s private keys. (not implemented yet)
ca-cycle-priv.py
This script is run on the system where the private keys of the
CA are stored. It does several jobs:
* Mark expired certificates in OpenSSL certificate database
* Generate new CRLs, move old CRLs to archive (not implemented
yet)
* Process certificate requests and certificate revocation
requests (not implemented yet)
* Spool certificate database, issued certificates and CRLs to
public WWW and LDAP server (not implemented yet)

SEEALSO

pyca(1)
The programs are documented fully by the HTML documents in
/usr/share/doc/pyca/htdocs/